chore: enhance security configuration across applications

- Add root-level *.json to .gitignore to prevent wallet backup leaks
- Replace wildcard CORS origins with explicit localhost URLs across all apps
- Add OPTIONS method to CORS allowed methods for preflight requests
- Update coordinator database to use absolute path in data/ directory to prevent duplicates
- Add JWT secret validation in coordinator config (must be set via environment)
- Replace deprecated get_session dependency with Session
oib
2026-02-13 16:07:03 +01:00
parent e9646cc7dd
commit c984a1e052
13 changed files with 434 additions and 120 deletions


@@ -10,7 +10,7 @@ import time
import hashlib
from datetime import datetime, timedelta
from ..deps import get_session
from ..storage import SessionDep
from ..domain import User, Wallet
from ..schemas import UserCreate, UserLogin, UserProfile, UserBalance
@@ -50,7 +50,7 @@ def verify_session_token(token: str) -> Optional[str]:
@router.post("/register", response_model=UserProfile)
async def register_user(
user_data: UserCreate,
session: Session = Depends(get_session)
session: SessionDep
) -> Dict[str, Any]:
"""Register a new user"""
@@ -103,7 +103,7 @@ async def register_user(
@router.post("/login", response_model=UserProfile)
async def login_user(
login_data: UserLogin,
session: Session = Depends(get_session)
session: SessionDep
) -> Dict[str, Any]:
"""Login user with wallet address"""
@@ -161,7 +161,7 @@ async def login_user(
@router.get("/users/me", response_model=UserProfile)
async def get_current_user(
token: str,
session: Session = Depends(get_session)
session: SessionDep
) -> Dict[str, Any]:
"""Get current user profile"""
@@ -190,7 +190,7 @@ async def get_current_user(
@router.get("/users/{user_id}/balance", response_model=UserBalance)
async def get_user_balance(
user_id: str,
session: Session = Depends(get_session)
session: SessionDep
) -> Dict[str, Any]:
"""Get user's AITBC balance"""
@@ -223,7 +223,7 @@ async def logout_user(token: str) -> Dict[str, str]:
@router.get("/users/{user_id}/transactions")
async def get_user_transactions(
user_id: str,
session: Session = Depends(get_session)
session: SessionDep
) -> Dict[str, Any]:
"""Get user's transaction history"""
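Review bot: The new signatures of `get_user_balance` (the `@@ -190` hunk) and `get_user_transactions` (the `@@ -223` hunk) still take only the path `user_id` and the injected `SessionDep` session, with no token or credential parameter, so unless their bodies — which lie outside these hunks — establish the caller's identity some other way, a caller who knows a `user_id` can read that user's balance and transaction history. The module already has `verify_session_token(token: str) -> Optional[str]` (visible in the `@@ -50` hunk header); resolving the caller through it and comparing the result with the path `user_id` before running the query would make the authorization rule explicit, e.g. `if verify_session_token(token) != user_id: raise HTTPException(status_code=403)`. In the same spirit, `get_current_user` (the `@@ -161` hunk) takes `token: str` as a query parameter on a GET route, which leaves the session token in access logs, proxy logs and browser history; an `Authorization` header read via a `Header` or `fastapi.security.HTTPBearer` dependency keeps it out of the URL. These issues predate the `SessionDep` swap rather than being introduced by it, but since the commit is billed as a security hardening pass they are worth folding in or tracking alongside it.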